# A version of the ActiveScripting engine that enables rexec support
# This version supports hosting by IE - however, due to Python's
# rexec module being neither completely trusted nor private, it is
# *not* enabled by default.
# As of Python 2.2, rexec is simply not available - thus, if you use this,
# a HTML page can do almost *anything* at all on your machine.
# You almost certainly do NOT want to use thus!
import pythoncom
from win32com.axscript import axscript
import winerror
import pyscript
INTERFACE_USES_DISPEX = 0x00000004 # Object knows to use IDispatchEx
INTERFACE_USES_SECURITY_MANAGER = 0x00000008 # Object knows to use IInternetHostSecurityManager
class PyScriptRExec(pyscript.PyScript):
# Setup the auto-registration stuff...
_reg_verprogid_ = "Python.AXScript-rexec.2"
_reg_progid_ = "Python" # Same ProgID as the standard engine.
# _reg_policy_spec_ = default
_reg_catids_ = [axscript.CATID_ActiveScript,axscript.CATID_ActiveScriptParse]
_reg_desc_ = "Python ActiveX Scripting Engine (with rexec support)"
_reg_clsid_ = "{69c2454b-efa2-455b-988c-c3651c4a2f69}"
_reg_class_spec_ = "win32com.axscript.client.pyscript_rexec.PyScriptRExec"
_reg_remove_keys_ = [(".pys",), ("pysFile",)]
_reg_threading_ = "Apartment"
def _GetSupportedInterfaceSafetyOptions(self):
# print "**** calling", pyscript.PyScript._GetSupportedInterfaceSafetyOptions, "**->", pyscript.PyScript._GetSupportedInterfaceSafetyOptions(self)
return INTERFACE_USES_DISPEX | \
INTERFACE_USES_SECURITY_MANAGER | \
axscript.INTERFACESAFE_FOR_UNTRUSTED_DATA | \
axscript.INTERFACESAFE_FOR_UNTRUSTED_CALLER
if __name__=='__main__':
print "WARNING: By registering this engine, you are giving remote HTML code"
print "the ability to execute *any* code on your system."
print
print "You almost certainly do NOT want to do this."
print "You have been warned, and are doing this at your own (significant) risk"
pyscript.Register(PyScriptRExec)
|